• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Windows NT question......

pillage2001

pillage2001

Lifer
And I want to find out who. The folder in the server is being shred out to a few of my colleagues at work and over the weekend, someone had took the liberty to delete 3gb worth of files. Is there anyway I can check who had accessed that folder? Or, if not, is there a program to monitor who access folders in the drive so that I can prevent this from happening in the future?
 
Depending on the operating system (and file system) on the server, you can probably enable auditing on the share to record who accesses, adds, moves, deletes, etc. files in the folder as well as when they do it.
 
Originally posted by: Fardringle
Depending on the operating system (and file system) on the server, you can probably enable auditing on the share to record who accesses, adds, moves, deletes, etc. files in the folder as well as when they do it.
Click to expand...

It's on windows server 2k3 and NTFS. How do I enable the auditing?
 
On the server, right-click on the folder/share and left-click on Properties. In the Properties window, click on the Security tab, then click on the Advanced button. In the Advanced Properties window, click on the Auditing tab. From there, click on the Add button and then add whatever users or groups you want to monitor. You can choose all users, or just specific users depending on what the situation requires (you can use Everyone or Domain Users if you want to monitor everyone). After you have the users/groups selected, click OK and it will open a window titled "Auditing Entry". In this window, select the options that you want to monitor such as List Folder, Delete, and Delete Subfolders and Files, to record each time someone opens the folder and each time someone deletes a file, (or just click Full Control in both columns to audit everything if you want to do that) and then click OK three times to save the changes.

Any access to the share that meets the parameters you selected on the Auditing page will then show up in the Event Log on the server so you'll be able to see exactly how and when those files are accessed or deleted, and by whom.
 
I clicked on full control for the auditing and input the name of the group that I would want to audit. I opened the event viewer but which log should I be observing?
 
Originally posted by: pillage2001
I clicked on full control for the auditing and input the name of the group that I would want to audit. I opened the event viewer but which log should I be observing?
Click to expand...

Security log.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top